Can You Trust the Cloud with Your Personal Data?

Do you use Facebook, Mint, Pandora, Shutterfly or an email service like Gmail, Yahoo or Hotmail? Then you're already storing information in the Cloud. The Cloud simply refers to a virtual place on the Internet where various kinds of data can be accessed by a computer, tablet or smartphone application.

I confess, I love the Cloud. Google Play Music keeps track of what music I download to my Android phone and saves a copy of all my tracks and playlists online so if I want to listen to my music from a computer or other device, I can. Instant Upload for Android sends any photo or video I take with my phone to a private album in my Google+ account, which makes sharing them easy. And any change I make to my Google calendar on my desktop gets instantly synced to my phone.

Apple’s iCloud works the same way. All the photos, music, documents and more that you have saved on the Cloud get pushed out to your devices so you can access them whenever and wherever you want.

For file backup, sharing and sync, I have used SugarSync, although Dropbox or KeepVault (among others) work just as well. Not only does it make my files available across all my devices, it has proven to be invaluable. Once my laptop died. After replacing it I was able to retrieve all my files from the Cloud and save them onto the new computer in just a few minutes. And when I need to access a document when I’m not at the office, I don’t have to save a copy on a USB stick or e-mail it to myself. I can use any Internet connected device to get at all my documents.

Even though most people who are active online are already using the Cloud to some degree, there are those who don’t trust it. This is particularly true when it comes to backing up files online as opposed to using a secondary physical location such as an external hard drive.

So is there a chance files you back up to the Cloud could get lost or hacked? Yes, although Cloud storage service providers go to great lengths to stop it from happening. In fact, I quizzed Robb Henshaw, SugarSync's Director of Corporate Communications, about the company's security protocols and they're quite extensive (see Q&A below).

So should you use a Cloud service? It's not an easy answer. If you have sensitive information that could harm you or your business should it fall into the wrong hands or become unavailable for a period of time, you'll have to weigh the benefits of the anytime, anywhere access of the Cloud against the very small risk of loss. In the end, you may decide these select files may be better suited for a physical data locker that only you can open with a PIN, such as the 500 GB Apricorn Aegis Padlock 256-bit Encrypted Hard Drive ($174.99 on Amazon.com). But keep in mind that physical storage units can also be stolen or lost in a fire, perhaps at the same time as the computer they're backing up—which would be a disaster. For backing up photos, music and innocuous files that no one but you cares about—the Cloud is definitely the way to go.

Q&A With Robb Henshaw of SugarSync

CD: Is the Cloud safe from hackers?
RH: Certain Cloud services, like SugarSync, do offer top security measures to ensure your data is safe from anyone else but you. SugarSync, for example, offers users the same level of encryption, data protection and security as consumers receive when doing a transaction with their banks online. Users’ files are transferred securely using TLS (Transport Layer Security) and are stored in the cloud in an encrypted format using 128-bit AES. We also operate our own SAS-70 compliant datacenters. SugarSync also ensures that all files accessed via mobile devices are encrypted as well, using SSL encryption. In addition, SugarSync undergoes regular third-party security audits to ensure there are no vulnerabilities in our system, and we are also regularly vetted by the partners we sign to ensure our security meets their standards.

CD: Can law enforcement or other entities get their hands on data a person has stored in the Cloud?
RH: Yes, law enforcement can request that Cloud service providers turn over a user's data in connection with a criminal investigation—but they would need a subpoena to do so.

CD: What if a user encrypts a file before uploading? Does that cause a problem for SugarSync or in terms of accessing the files later?
RH: Some users do choose to use third-party encryption services (like TrueCrypt, etc.) to add an additional layer of encryption. When they do so, SugarSync cannot give anyone access to that content (even if served with a subpoena), but this also means that SugarSync will not be able to auto-sync changes made to the content because we will not be able to see the changes. But all other features would still work.

CD: Do you suggest that people also use some kind of secondary backup, like an external hard drive for extremely sensitive or valuable documents? Or is the Cloud so secure that nothing will ever happen to people's files?
RH: The Cloud is absolutely secure, so there is no need to back up to external hard drives. In fact, external hard drives fail every 3-5 years, so there is a greater chance of losing data on external hard drives than on the Cloud.

(Note: Code 42 Software, which developed a cloud storage platform called CrashPlan, recently told me it takes a different approach and suggests that users do back up their files somewhere else, just to be safe.)

CD: How can a person know employees of the Cloud service aren't reading or doing things with people's files?
RH: We promise as part of our terms & conditions that SugarSync employees will not access your account unless authorized to do so by the user expressly (i.e., for customer support reasons, if a user forgets their password, etc.).

CD: How can a person be sure that if a tornado rips through the building where the servers are kept they won't lose all their data?
RH: In SugarSync's case, we have multiple data centers, and everyone's data is stored in multiple locations. And all our data centers are also backed up to Amazon's servers. So three datacenters (at least) in very different locations would all have to be destroyed at the same time for any user data to be lost. That likelihood is nearly impossible.

Discussion

Cloud Services Trust

A good article Christina.
It is true, the risks of running Cloud based services are high. However, companies that run them often have specialised departments to manage the security, including: active intrusion detection, strong authentication mechanisms and 24x7 security staff monitoring the infrastructure and software…

Thanks Christina. You have addressed

From Terry on April 18, 2012 :: 7:30 am

Thanks Christina. You have addressed the real concern of businesses. On the personal front, these services are definitely amazing and have been really helpful to all of us. When it comes to business and the sensitive data we handle, it becomes the biggest concern, especially about the security risks. Because of these reasons, we opted for a solution called Syncblaze which can be self-hosted, so we have complete control over all our data and at the same time get the privilege of such a great solution to manage and collaborate on content.

Thanks! I've made the correction.

Disingenuous perspective

Christina, it seems to me to be disingenuous to question the stability and security of cloud-based options after almost 30 years of technology development in online storage and processing options. If taken separately, the questions of stability and security have been more than addressed by the industry.
The stability and availability of the environment is dependent upon a hundred moving parts, several of which the hosting organization has no control over. The hardware & software behind it however are as good as the industry has to offer, which when it is compared to the environment from a decade ago is far superior - faster, more resilient and of much greater capacity at a lower cost than ever before (heck, many providers give away more online storage than some organizations had a few years ago!). The security is another matter, but the encryption that SugarSync provides makes the data yours and only yours. It is safe, it is secure, it is backed up waaay more often than most businesses and consumers would ever do on their own.

Ringing this bell is not doing anyone a service - seems more like ambulance chasing and typical media scare tactics to sell newspapers (or viewers in Techlicious’ case) - Techlicious is better than this.

I believe Christina provides a

From Suzanne Kantra on April 19, 2012 :: 8:50 am

I believe Christina provides a very balanced view of the benefits and risks of cloud-based services. There are risks, and to ignore them is disingenuous. But the purpose of this article is not to scare people away or sow fear, as some articles have. On the contrary, it’s to encourage people that, despite the risks, cloud services are an effective solution.

On the risks, the concern isn’t around the encryption being broken, which is well covered in the interview with SugarSync. The risks are with companies storing data in an unencrypted manner (see the recent Sony PlayStation hacks) or content being accessed by inadequate password protection features (see the Twitter hacking scandal from 2009: http://techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitter-documents/). Cloud services have also encountered outages which made stored data temporarily irretrievable.

That said, there are significant risks from using local storage, too. Notably the loss or failure of your local backup device at the same time as your PC (as could easily happen with fire, flood or theft).

All together, Christina supports the use of cloud services in most instances, and uses them herself (as does Techlicious, extensively).

thanks

The sugarsync one is exactly what I have been looking for and wanting. I’ve tried dropbox, and it didn’t really work well for me. I just downloaded sugarsync, and so far it is seriously awesome. Thank you.

The latest privacy threat

From Rich Moser on April 18, 2012 :: 11:35 am

Last night, I was alerted to this brand new bill that it sounds like would make all our security software and hardware pretty much meaningless if it passes US Congress: The Cyber Intelligence Sharing and Protection Act (CISPA). “Companies that we trust with our personal information, like Microsoft and Facebook, are key supporters of this bill that lets corporations share all user activity and content with US government agents without needing a warrant in the name of cyber-security—nullifying privacy guarantees for almost everyone around the world, no matter where we live and surf online.” Please educate yourselves and spread the word.

Cloud Opinion

From Carrie on April 19, 2012 :: 10:28 am

I do and don’t agree with storing information in the cloud. I have been using online storage for awhile but recently changed to GoodSync to sync my files directly, instead of having them in the cloud. So far I really like it because I don’t have to worry about the cloud or expenses of cloud storage. I was using sugarsync for awhile but it just got too expensive.

Restoring data

From Nat on April 19, 2012 :: 4:25 pm

Another factor to consider is how you are going to get your data if you need it. If you have a hard drive crash and you rely on Cloud backup, it may take a long time to restore data online. I back up about 100 gigs to a Carbonite account ($59 per year, unlimited data). I suspect that would probably take weeks to restore considering my DSL service. I keep an encrypted portable hard drive backup at home but I do not keep it as current as the Carbonite data. Carbonite does offer a “Courier Service” that will ship you a copy of your data but that is substantially more pricey.